PT-2026-50448 · Openstack · Horizon

Published

2026-06-17

Updated

2026-06-17

CVE-2026-55748

CVSS v3.1

6.0

Medium

Vector

AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:L

OpenStack Horizon before 25.7.4 produces scripts for OpenStack RC file downloading that may have a crafted project name with shell metacharacters. NOTE: some parties consider this a security hardening opportunity to address certain types of user error, not a vulnerability.

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2026-55748

Affected Products

Horizon

PT-2026-50448 · Openstack · Horizon

CVE-2026-55748

Weakness Enumeration

Related Identifiers

Affected Products

References · 2